Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
web-audio-peak-meter
Advanced tools
Customizable peak meters, using the web audio API. It can measure peak or true peak based on ITU-R BS.1770
To use these meters, first create a <div>
with a width and height and an <audio>
element:
<div id="my-peak-meter" style="width: 5em; height: 20em; margin: 1em 0;"></div>
<audio id="my-audio" preload="metadata" controls="controls">
<source src="audio/marines_hymn.mp3" type="audio/mpeg" />
</audio>
Then, at the bottom of your <body>
tag, add the script tag for these meters. I recommend copying the latest web-audio-peak-meter-<version>.min.js
file from the docs
directory and self-hosting it, or installing via npm and bundling it with your application. Next, create an AudioContext
if you don't have one already and create an AudioNode from the <audio>
element, connecting it to the destination node. Finally, create a meter node and call the createMeter
function, passing in the Element object, the meter node, and an optional object for configuration options, like so:
<script>
const myMeterElement = document.getElementById('my-peak-meter');
const myAudio = document.getElementById('my-audio');
const audioCtx = new window.AudioContext();
const sourceNode = audioCtx.createMediaElementSource(myAudio);
sourceNode.connect(audioCtx.destination);
const myMeter = new webAudioPeakMeter.WebAudioPeakMeter(sourceNode, myMeterElement);
myAudio.addEventListener('play', function () {
audioCtx.resume();
});
</script>
In this example we used an HTML5 audio element, but these meters can work with any web audio API source node. This example was just meant to show the simplest possible use case. If you are already familiar with the web audio API adapting this example to your needs should be fairly self-explanatory, but please reach out if anything isn't working or doesn't make sense.
If you are compiling your javascript with a tool like browserify, webpack, or rollup, you can integrate these meters into your site using the CommonJS require()
syntax.
First, add web-audio-peak-meter as a dev dependency to your project:
npm install --save-dev web-audio-peak-meter
Next, import the webAudioPeakMeter module into your javascript:
const webAudioPeakMeter = require('web-audio-peak-meter');
Finally, use as you would in the above example:
var myMeterElement = document.getElementById('my-peak-meter');
var myAudio = document.getElementById('my-audio');
var audioCtx = new (window.AudioContext || window.webkitAudioContext)();
var sourceNode = audioCtx.createMediaElementSource(myAudio);
sourceNode.connect(audioCtx.destination);
var meterNode = webAudioPeakMeter.createMeterNode(sourceNode, audioCtx);
webAudioPeakMeter.createMeter(myMeterElement, meterNode, {});
myAudio.addEventListener('play', function () {
audioCtx.resume();
});
(Note: the markup remains the same as in the basic example)
The following options options are supported (the third parameter of the constructor)
true
, displays a vertical meter (default: false
)2
)9
)#123456
, rgba(0,0,0, 0.5)
, or slategray
(default: black
),lightgray
),lightgray
),['red 1%', '#ff0 16%', 'lime 45%', '#080 100%']
),-48
)0
)6
)transition
property of the meter bars. Use a longer value for a smoother animation and a shorter value for faster updates (default: 0.1s
)peak-sample
, or true-peak
(default: peak-sample
)0
, meaning never reset)In an effort to prevent unwanted auto-playing audio, some browsers do not allow the web audio API's AudioContext
to start when it is first created. It must be started by calling resume()
on the context after the user interacts with the page. Different browsers implement this requirement differently, however:
AudioContext
is initially paused. Can be resumed by either a callback attached to a click event or by adding a listener to an audio/video element's play
event. (more information)AudioContext
is initially runningAudioContext
is initially paused. Can be resumed only by a callback attached to a click event - listening for play
events on HTML media elements does not work.If using <audio>
or <video>
elements and the source media is not on the same domain as the web site, the server serving the media must add an access-control-allow-origin
header with the domain of the web site to the response. (more information)
The minified javascript is built using rollup. There's no difference (for now) between the development version and the production version. To start a local server for debugging, run:
npm ci
npm run start
And open a browser to http://localhost:6080/web-audio-peak-meter/index.html to see a local version of the docs page.
Contributions are welcome! I'd love to hear any ideas for how these meters could be more user-friendly as well as about any bugs or unclear documentation. If you are at all interested in this project, please create an issue or pull request on this project's github page.
Code and documentation copyright 2016 Evan Sonderegger and released under the MIT License.
FAQs
A customizable peak meter using the web audio API
The npm package web-audio-peak-meter receives a total of 510 weekly downloads. As such, web-audio-peak-meter popularity was classified as not popular.
We found that web-audio-peak-meter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.